Description:
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account and is yours until you release it. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Alternatively, you can specify the Elastic IP address in a DNS record for your domain, so that your domain points to your instance.
Rationale:
This policy checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs).
Impact:
Amazon Web Services enforces a small hourly charge if an Elastic IP (EIP) address within your account is not associated with a running EC2 instance or an Elastic Network Interface (ENI). AWS recommends releasing any unassociated EIPs that are no longer needed to reduce your monthly AWS costs.
Default Value:
By default, Amazon will not release any Elastic IPs.
Pre-requisites:
Sign in as an admin or as an IAM user with the required permissions.
Make sure you are releasing only unassociated or otherwise unused Elastic IPs.
Remediation:
Test Plan:
- Sign into the AWS Management Console.
- Go to VPC dashboard at https://console.aws.amazon.com/vpc/.
- Click on Elastic IPs in the navigation pane.
- Select Unassociated from the Filter dropdown menu, to filter all the available EIPs and return the unattached ones.
- The filtering process should return the Elastic IPs that are not currently associated with any running EC2 instances or Elastic Network Interfaces (ENIs). The unattached EIPs returned at this step can be safely released.
Using AWS CLI:
aws ec2 describe-addresses
Implementation Steps:
- Sign into the AWS Management Console.
- Go to VPC dashboard at https://console.aws.amazon.com/vpc/.
- Click on Elastic IPs in the navigation pane.
- Select Unassociated from the Filter dropdown menu, to filter the available EIPs and return the unattached ones.
- Select the unassociated EIP(s) returned, click the Actions dropdown button from the dashboard top menu and select Release Address.
- In the Release Address confirmation box, review the unattached EIP(s) listed and click Yes, Delete button to remove the selected EIP(s) from your AWS account.
Using AWS CLI:
aws ec2 release-address \
  --region us-east-1 \
  --allocation-id eipalloc-c264f1bb
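As an added example (not part of this policy text), the following script applies the same "Unassociated" check as the Test Plan to the JSON that `aws ec2 describe-addresses --output json` returns, and prints the matching `release-address` commands for review instead of running them. The embedded sample output, its allocation IDs, instance IDs and addresses are constructed.

```python
import json
import sys
from typing import Dict, List

# Constructed sample in the shape of `aws ec2 describe-addresses --output json`
# (not real account data): one EIP on an instance, one on an ENI only, and
# one that is allocated but unassociated.
SAMPLE_DESCRIBE_ADDRESSES = json.dumps({"Addresses": [
    {"PublicIp": "198.51.100.10", "AllocationId": "eipalloc-aaaa0001",
     "Domain": "vpc", "InstanceId": "i-0123456789abcdef0",
     "NetworkInterfaceId": "eni-0001", "AssociationId": "eipassoc-0001"},
    {"PublicIp": "198.51.100.11", "AllocationId": "eipalloc-aaaa0002",
     "Domain": "vpc", "NetworkInterfaceId": "eni-0002",
     "AssociationId": "eipassoc-0002"},
    {"PublicIp": "198.51.100.12", "AllocationId": "eipalloc-aaaa0003",
     "Domain": "vpc"},
]})


def is_unassociated(address: Dict) -> bool:
    """True when the EIP is attached to neither an instance nor an ENI,
    which is what the console's 'Unassociated' filter reports."""
    return not any(address.get(key) for key in
                   ("AssociationId", "InstanceId", "NetworkInterfaceId"))


def find_unassociated(describe_output: str) -> List[Dict]:
    """Parse describe-addresses JSON and keep only the unassociated EIPs."""
    data = json.loads(describe_output)
    return [addr for addr in data.get("Addresses", []) if is_unassociated(addr)]


def release_commands(addresses: List[Dict], region: str) -> List[str]:
    """One `aws ec2 release-address` command per unassociated VPC EIP,
    returned as text for review rather than executed."""
    return [f"aws ec2 release-address --region {region} "
            f"--allocation-id {addr['AllocationId']}"
            for addr in addresses if addr.get("Domain") == "vpc"]


if __name__ == "__main__":
    # Usage: aws ec2 describe-addresses --output json | python3 eip_audit.py
    # Without piped input the constructed sample above is used.
    raw = SAMPLE_DESCRIBE_ADDRESSES if sys.stdin.isatty() else sys.stdin.read()
    for cmd in release_commands(find_unassociated(raw), region="us-east-1"):
        print(cmd)
```

Review the printed commands against the Pre-requisites before executing any of them; an EIP referenced by a DNS record is "unassociated" to this check but may still be needed.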
Backout Plan:
If you have released your Elastic IP address, you might be able to recover it. The following rules apply:
You cannot recover an Elastic IP address if it has been allocated to another AWS account, or if it will result in your exceeding your Elastic IP address limit.
You cannot recover tags associated with an Elastic IP address.
You can recover an Elastic IP address using the command line.
aws ec2 allocate-address --domain vpc --address <value>
Note:
If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account.
Reference:
ec2 — AWS CLI 1.20.36 Command Reference
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#working-with-eips
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#eip-basics